So essentially it is the same as mine, if it were modified in any way the MD5 would be different and I don’t know if that would also be true if it were corrupt, but I would have thought so as the corrupted file is essentially changed.
Where that leaves us now is the question, whilst I have been following this at a distance, can you expand on the rundll32.exe problems that you mentioned (without me having to root through 13 pages) ?
First I have to say I prefer the VirusTotal scanner as a) it has currently 37 different scanners and b) it uses the Windows version of avast, so it is more in keeping with what you have.
The main thing is that the important version of rundll32.exe in system32 is OK. Well, let’s put it this way: it is the same as mine and a) I don’t get any detection by avast and b) I have no apparent dll issues which would be apparent if it were infected or corrupt.
The versions in the other locations are likely to be different but for S&D to get detections on all I find highly suspect. But then again there are the jotti results ???
Personally I would probably discount the S&D results and go with a) not experiencing any rundll32.exe problems, e.g. other dlls not running properly, b) suspicious behaviour, pop-up ads, redirects or attempts to open web sites you didn’t request, etc.
What would be interesting is for you to submit your file to Jotti and see if it tells you that it’s corrupt and also test your file with Spybot. If you get the same reactions as me then I think we can definitely say that it’s a false positive ???
I don’t have S&D; I abandoned it ages ago and, sorry, I’m not prepared to download it on dial-up. I prefer to take the word of a) the 38 scanners on VT and b) the 20 scanners on Jotti (some will be the same as VT).
Getting close to 3 a.m. here and I have had enough for the day ;D
Thanks for your help - I have rerun jotti and virustotal and both have come up zero!! I don’t know why Jotti gave me false reports first time round ???
I will now discount any problems with rundll32.exe as being a false alarm, but that still leaves me with Avast reporting Taskmon as a suspicious file and yet it does not exist.
I would continue to allow it to be sent to avast if it continues to be detected and select Ignore. If nothing else it will bump the analysis of the ‘non-existent’ file, which it can’t be, it has to exist, why you can’t find it is beyond me.
But nothing gets sent to Avast, as we have already established that nothing ends up in the spooler file, so nothing gets uploaded to Avast. We have even done a test with eicar to check that the spooler works. Taskmon.exe is not a running process, no other rootkit program picks it up, and no scans by any other virus program pick it up, including an online Kaspersky. Even done a line-by-line check of all Windows directories via recovery console and found nothing. Maxx wanted me to try WinHex but I can’t get it to install; it just freezes and I then need to cancel the setup application.
You should treat this process with caution. Examples of viruses that go by the name taskmon.exe are the Novarg, MyDoom and MiMail.
taskmon.exe is considered to be a security risk, not only because antivirus programs flag Possible Virus / Taskmanager as a virus, but also because a number of users have complained about its performance.
I have checked out all the possible files shown in threatexpert and have even run the threat expert program. Have tested for all forms of taskmon, taskmgr and taskmanager. If the file is there then it is very well hidden.
Vlk made some small changes to the verifying routine of the suspicious files… it could solve this strange problem, but it was not made specially to do that…